Comfortable and secure with RFID authentication

The ongoing digitalisation in the process industry means ever-increasing requirements for operating and monitoring systems with regard to ensuring reliable access to production processes, process values and system statuses from the field to the control room. On the one hand, the growing inter-connectedness of automation and communication technology means an increase in data traffic. IoT applications and the need for more efficient use of memory and computer capacity on the other hand drive the virtualisation of formerly hardware-based control and communication architectures. The HMIs must therefore be of robust, reliable design. In addition, they should also feature flexible access options, mature usability and compatibility with a broad range of key control systems.

Staff of many large-scale systems and operations have to change operator stations frequently. Dynamic access management enabling authorised staff to access processes and systems from different terminals is therefore one of the central security aspects. However, security guidelines require a log-off and log-on with user name and password for every change of system.

Adverse conditions such as wearing protective gloves or inaccurately calibrated on-screen keyboards can make the constant log-off / log-on procedures even more cumbersome. Frequently, this leads to counterproductive behaviour, such as staff using passwords without protective function, openly displaying access codes or simply not logging out. An ergonomic solution to this might be biometric procedures using fingerprints or face recognition to check access authority. This method is useless, however, in sensitive areas where staff have to wear protective clothing, gloves and face masks for hygienic reasons.

R. STAHL is the only manufacturer on the market that can equip its explosion-protected Thin Clients with contactless RFID authentication, which reduces the time required for log-on and authorised access to process control and data communication to a minimum. For this, we have developed specific RFID readers for use in Zone 1/21 and 2/22 that are either integrated into the enclosure, available as separate units with USB interface for panel-mounting or are firmly installed under the HMI's front panel, such as with the Thin Client models for use in the oil and gas industry.

The usual log-ons and log-offs in the automation system are no longer necessary due to the RFID access control, which meets the current security requirements according to FDA and GAMP. Following the user authentication via card or chip and after a password has been entered, the system will immediately call up the individual, customised start menu with the applications available for the specific user. In addition to transponders with MIFARE, DESFIRE, EV1 or LEGIC Advant, our RFID readers now also support the use of a particularly comfortable log-on system.

RFID readers provide a simplified authentication management via RFID cards. The reader's compatibility with various reader technologies simplifies implementation at sites where staff already use transponder cards for other areas of application. In addition, the readers' support of LogOnPlus mean a considerable increase in comfort whilst maintaining high security standards. Users are, for example, identified through their RFID ID card, authenticated vis-a-vis the company's active directory and then logged on to the target application, e.g. a DCS, by LogOnPlus via an application-specific connector.